
Cisco Identity Services Engine Essentials

Course Details

Name Cisco Identity Services Engine Essentials
Virtual Classroom
£1634.00 +vat


In this course, you will learn about the Cisco Identity Services Engine (ISE), a next-generation identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1X and MAB. The training provides learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The class focuses on configuring Network Access Devices (IOS switches and Wireless LAN Controllers) with the commands necessary for ISE integration. The class also covers configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to explore Microsoft Active Directory Group Policy for endpoint configuration, and to cover integration of an enterprise CA for certificate-based authentication.

This course is an intensive hands-on experience. With enhanced hands-on labs, you will set up and patch an ISE node, and use an enterprise CA to configure certificate services for use in a distributed deployment. You will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS-based authentication. You will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. You will migrate an IOS switch configuration to the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL) and test it. You will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also covers the new ISE 2.3 Conditions Studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.

Target Audience

Consulting systems engineers; technical solutions architects; integrators who install and implement Cisco ISE version 2.3; end users (Cisco customers) who want the knowledge to install, configure, and deploy Cisco ISE 2.3; Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product.

Learning Objectives

After completing this course you should be able to:

  • Implement Best Practices for Designing and Deploying a Distributed Cisco ISE Solution
  • Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Implement Best Practices for configuring a Cisco IOS Switch for use with ISE
  • Migrate an existing Cisco IOS Switch configuration to New-Mode Cisco Common Classification Policy Language (C3PL)
  • Implement Best Practices for configuring a Cisco Wireless LAN Controller (WLC) for use with ISE
  • Configure Policy Sets and Network Access Devices in ISE
  • Implement & Test 802.1X in ISE for wired PEAP, EAP-FAST & EAP-TLS Supplicants
  • Implement & Test 802.1X in ISE for wireless EAP-FAST & EAP-TLS Supplicants
  • Implement & Test MAC Authentication Bypass (MAB) in ISE for wired and wireless endpoints
  • Turn on Endpoint Profiling and use it to identify popular endpoints such as Windows and Apple iOS devices.
  • Implement TACACS+ for Switch and WLC Device Administration


Attendees should meet the following prerequisites:

  • CCNA Security or equivalent level of experience with Cisco devices (Interconnecting Cisco Network Devices pt1 + Implementing Cisco Network Security)
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client

Course Content

Cisco ISE Architecture and Deployment

  • Cisco ISE Features Overview
  • PKI in an ISE deployment
  • Cisco ISE Deployment Models

Cisco ISE Identity Management

  • Configuring Cisco ISE Internal Identity Sources
  • Configuring Cisco ISE External Identity Sources
  • Configuring Endpoints for Certificate Based Authentication

Cisco ISE Policy Enforcement

  • Registering Network Access Devices in Cisco ISE
  • Working with ISE Dictionaries
  • Configuring Cisco ISE Policy Sets
  • Using the Cisco ISE Conditions Studio to Configure Policy Elements
  • Creating Downloadable ACLs and Authorization Profiles
  • Configuring Authentication Policy Rules including Identity Source and Allowed Protocols
  • Configuring Authorization Policy Rules including conditions and authorization profiles

Introducing Wired and Wireless 802.1X and MAB

  • Overview of 802.1X Including Commonly implemented Extensible Authentication Protocols (EAPs)
  • Configuring a Cisco IOS Switch using Identity-Based Network Services (IBNS) commands for integration with ISE including
  • Configure and Test 802.1X supplicant parameters on a wired endpoint using PEAP and EAP-TLS
  • Migrating to IBNS 2.0 Cisco Common Classification Policy Language (C3PL) commands on a Cisco Switch
  • Configure and Test 802.1X supplicant parameters on a wired endpoint using EAP-FAST
  • Configuring a Cisco WLC for integration with ISE from the WLC CLI and GUI
  • Configure and Test 802.1X supplicant parameters on a wireless endpoint using EAP-FAST and EAP-TLS
  • Implement and Test MAC Authentication Bypass in ISE for non-supplicant Endpoints

Cisco ISE Profiler for Endpoint Discovery and Classification

  • Configuring Profiler Probes
  • Working with the Profiler Feed Service
  • Implementing Profiler Policy and Identity Groups
  • Using Profiler Logical Profiles

Cisco ISE TACACS+ for wired and wireless Device Administration

  • Configuring TACACS Policy Sets
  • Working with Identity Sources for Authentication
  • Configuring Shell Profiles and Command Sets for Authorization
  • Performing Wired and Wireless Device Administration


    • Lab 1: Setup an ISE Node and Configure Certificates
    • Lab 2: Register an ISE Node in a Distributed Deployment
    • Lab 3: Integrate ISE with Active Directory
    • Lab 4: Configure Endpoints for Certificate Based Authentication
    • Lab 5: Register NADs and Configure ISE Policy
    • Lab 6: Configure an IOS Switch and Test Wired PEAP and EAP-TLS
    • Lab 7: Migrate a Switch to IBNS 2.0 (C3PL) and Test Wired EAP-FAST
    • Lab 8: Configure a WLC and Test Wireless EAP-FAST
    • Lab 9: Implement MAC Authentication Bypass (MAB)
    • Lab 10: Configure and Test Endpoint Profiling
    • Lab 11: Implement TACACS+ for Switches and WLCs

    Virtual Training Centre


    What you need to do before you start your course:

    • Look out for an email from us with a link to how to log into this new Zoom experience

    Once logged in you can access the virtual classroom and recordings via the web from your ‘dashboard’ by selecting My Courses > Instructor-led Courses

    Additional information:

    • The first time a student launches a Zoom course, they may need to download and run Zoom by using the link provided.
    • The Zoom platform uses fully integrated VoIP audio. This is the recommended and preferred way of connecting to the audio conversations; if it is unsuitable, we will provide alternatives.
    • Students can choose their screen name to be saved for all future courses.
    • Students will automatically be placed on mute when joining the course.
    • Students can use any of the control functions to add chat, share screens, start a separate video, raise hand or mute/unmute.
    • Recordings will be visible 24 hours after the event end date and they will be available for up to 12 months. They are also accessible from My Courses page within their online account.
    • Technical support will be provided throughout the course. More information will be provided in the Joining Instructions before the course starts.

    Recommended as preparation for the following exam:

    • There are no exams currently aligned to this course.
